Starling Bank

We read Starling Bank's privacy policy so you don't have to.

  • Find out what they do with data about you
  • Contact them if you have a request about that data
Make a request

Organisation information

Registration country

United Kingdom

Registration number

09092149

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Email address

dpo@starlingbank.com

Data categories collected

Organisations must give details about what categories of data are stored and processed.

  • Bank account details

  • Bank transactions

  • Date of birth

  • Device information

  • Email address

  • Location

  • Postal address

  • Telephone number

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

How specific is this information?

Third parties are listed as groups

Retention rules

Organisations must give details about how long data is kept.

Summary

Six years but in certain circumstances, including through regulatory requirements, they may store it for a longer period

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Specific times are given for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Consent

    2.3. to operate our Marketplace and to provide information about you to Marketplace partners and businesses that integrate with our APIs that you choose to integrate with;

    We process your information for the purposes set out above on the following grounds: your consent to do so where you choose to share your information with Marketplace partners and any other third parties and where it is necessary for the adequate performance of contracts with you and to take steps requested by you prior to you entering into contracts with us where Marketplace partners share it with us and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.

  • Contract

    2.2. to carry out our obligations arising from any contracts entered into between you and us;

    We process your information for the purposes set out above on the following grounds: where it is necessary for the adequate performance of contracts with you and to take steps requested by you prior to you entering into contracts with us.

  • Legitimate interests

    2.4. to provide information, products and services that are requested from us, or other products and services we offer or our business partners offer or to provide and to notify you about changes to our services;

    We process your information for the purposes set out above on the following grounds: given our legitimate interest in undertaking activities to offer you products or services that may be of interest to you or that you have expressed an interest in hearing about, given our legitimate interest in providing banking and financial services, operating and improving Starling and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.

    2.5. to measure or understand the effectiveness of any functionality or access to, or the commerciality of, any products or services we offer or to which we provide access and we use analytics and search engine providers to assist us in the improvement and optimisation of our websites, the App and our business generally.

    We process your information for the purposes set out above on the following grounds: given our legitimate interest in operating and improving Starling and providing banking and financial services.

Security standards

Organisations must ensure that data is stored and processed securely.

Observations

5.1. We process your information and store it on servers managed by our hosting providers.

5.2. Those servers are located across a number of secure data centres in the EEA. Our server environment is highly secure and there is very limited personnel access. Any information will be encrypted “at rest” (in other words, on being stored).

5.3. We try to ensure that we do not send your information outside the EEA. However, this is not possible in all cases:

5.3.1. in relation to a very small number of our suppliers, your information may be transferred to, and stored at, a destination outside the EEA as well as processed by staff operating outside the EEA who work for them. We often rely on the EU-U.S. and Swiss U.S. Privacy Shield Framework to safeguard the transfer of your information outside the EEA. We will ensure that suitable safeguards are in place before your information is transferred outside the EEA as required by law and we will take all steps reasonably necessary to ensure that information about you is treated securely and in accordance with this notice;
5.3.2. if you are outside the EEA and make payments or send messages, or you are in the EEA and make payments or send messages outside the EEA, we may process payments through other institutions and payment systems. They may have to process and store information about you in connection with their own regulations; please note that the standards to which they adhere may not be as stringent as those in the EEA.

How specific is this information?

This organisation provides specific details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

Type

Adequate protections are provided by this organisations Terms of Service

URL

https://www.starlingbank.com/legal/privacy-notice/

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation uses automated decision making

How specific is this information?

The organisation mentions use of automated decision making for specific purposes

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

Summary

This privacy notice contains information about to make a complaint to a data protection regulator

How specific is this information?

This privacy notice contains specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Make a request

  • See data they hold about you

    You can ask to see what data Starling Bank has about you. They usually can’t charge for this, and they must respond to your request within a month.

    Why you might make this request

    You might want a copy of the data about you to understand what data the organisation has collected about you.

    By email

    Email dpo@starlingbank.com using a template.

    Template

    Copy template to clipboard

  • Change data they hold about you

    You can ask Starling Bank to change inaccurate or incomplete data about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    If an organisation is using information about you which is incorrect, you can ask them to correct it.

    By email

    Email dpo@starlingbank.com using a template.

    Template

    Copy template to clipboard

  • Delete data they hold about you

    You can ask that Starling Bank delete information about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    You might want to delete data about you if, for example, you have stopped using an organisation’s services.

    By email

    Email dpo@starlingbank.com using a template.

    Template

    Copy template to clipboard

  • Limit how they use data about you

    You can ask that Starling Bank only store data about you and not use it. They must respond to your request within a month.

    Why you might make this request

    You might want the accuracy of the data to be verified or you might want the organisation to hold on to data so you can make a legal claim against them.

    By email

    Email dpo@starlingbank.com using a template.

    Template

    Copy template to clipboard

  • Stop their use of data about you

    You can ask Starling Bank to stop using your data for particular reasons. They must respond to your request within a month.

    Why you might make this request

    You might want to stop the organisation using your data to for direct marketing.

    By email

    Email dpo@starlingbank.com using a template.

    Template

    Copy template to clipboard

  • Export data they hold about you

    You can ask Starling Bank to move data about you to another service or provide it in a format that can be used by another service.

    Why you might make this request

    You might want to move your data to another organisation to get a better deal.

    By email

    Email dpo@starlingbank.com using a template.

    Template

    Copy template to clipboard

  • Challenge an automated decision

    You can ask Starling Bank to give you information about how they use automated decision making, or ask for a person to review an automated decision.

    Why you might make this request

    You might want to find out about an automated decision if, for example, you were rejected for a bank loan or account.

    By email

    Email dpo@starlingbank.com using a template.

    Template

    Copy template to clipboard

Last updated 2019-01-30 at 10:01:19 • Download as JSONAPI documentationView on GitHubView on OpenCorporates